Latest CVE Feed

The following is a list of the latest published vulnerabilities. You can filter the list by severity, by whether a vulnerability is actively exploited (that is, on the CISA KEV List), or by whether it is remotely exploitable. You can also sort the list by published date, last updated date, or CVSS score.
  • 8.1

    HIGH
    CVE-2024-11208

    A vulnerability was found in Apereo CAS 6.6 and classified as problematic. Affected by this issue is some unknown functionality of the file /login?service. The manipulation leads to session expiration. The attack may be launched remotely. The complexity o...

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 8.8

    HIGH
    CVE-2024-10962

    The Migration, Backup, Staging – WPvivid plugin for WordPress is vulnerable to PHP Object Injection in all versions up to, and including, 0.9.107 via deserialization of untrusted input in the 'replace_row_data' and 'replace_serialize_data' functions. This...

    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 6.1

    MEDIUM
    CVE-2024-8648

    An issue has been discovered in GitLab CE/EE affecting all versions from 16 before 17.3.7, 17.4 before 17.4.4, and 17.5 before 17.5.2. The vulnerability could allow an attacker to inject malicious JavaScript code in Analytics Dashboards through a speciall...

    Affected Products : gitlab
    • Published: Nov. 14, 2024
    • Modified: Dec. 12, 2024
  • 6.8

    MEDIUM
    CVE-2024-7404

    An issue was discovered in GitLab CE/EE affecting all versions starting from 17.2 prior to 17.3.7, starting from 17.4 prior to 17.4.4 and starting from 17.5 prior to 17.5.2, which could have allowed an attacker gaining full API access as the victim via th...

    Affected Products : gitlab
    • Published: Nov. 14, 2024
    • Modified: Dec. 12, 2024
  • 5.3

    MEDIUM
    CVE-2024-11207

    A vulnerability has been found in Apereo CAS 6.6 and classified as problematic. Affected by this vulnerability is an unknown functionality of the file /login. The manipulation of the argument redirect_uri leads to open redirect. The attack can be launched...

    Affected Products : central_authentication_service
    • Published: Nov. 14, 2024
    • Modified: Nov. 15, 2024
  • 8.8

    HIGH
    CVE-2024-10979

    Incorrect control of environment variables in PostgreSQL PL/Perl allows an unprivileged database user to change sensitive process environment variables (e.g. PATH). That often suffices to enable arbitrary code execution, even if the attacker lacks a data...

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 11, 2025
  • 4.2

    MEDIUM
    CVE-2024-10978

    Incorrect privilege assignment in PostgreSQL allows a less-privileged application user to view or change different rows from those intended. An attack requires the application to use SET ROLE, SET SESSION AUTHORIZATION, or an equivalent feature. The pro...

    Affected Products : debian_linux postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025
  • 3.7

    LOW
    CVE-2024-10977

    Client use of server error message in PostgreSQL allows a server not trusted under current SSL or GSS settings to furnish arbitrary non-NUL bytes to the libpq application. For example, a man-in-the-middle attacker could send a long error message that a h...

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: Feb. 20, 2025
  • 5.4

    MEDIUM
    CVE-2024-10976

    Incomplete tracking in PostgreSQL of tables with row security allows a reused query to view or change different rows from those intended. CVE-2023-2455 and CVE-2016-2193 fixed most interaction between row security and user ID changes. They missed cases ...

    Affected Products : postgresql
    • Published: Nov. 14, 2024
    • Modified: May. 09, 2025
  • 7.8

    HIGH
    CVE-2024-7730

    A heap buffer overflow was found in the virtio-snd device in QEMU. When reading input audio in the virtio-snd input callback, virtio_snd_pcm_in_cb, the function did not check whether the iov can fit the data buffer. This issue can trigger an out-of-bounds...

    Affected Products : qemu
    • Published: Nov. 14, 2024
    • Modified: Aug. 05, 2025
  • 8.1

    HIGH
    CVE-2024-45670

    IBM Security SOAR 51.0.1.0 and earlier contains a mechanism for users to recover or change their passwords without knowing the original password, but the user account must be compromised prior to the weak recovery mechanism....

    Affected Products : soar
    • Published: Nov. 14, 2024
    • Modified: Nov. 16, 2024
  • 5.3

    MEDIUM
    CVE-2024-45642

    IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

    Affected Products : linux_kernel security_qradar_edr
    • Published: Nov. 14, 2024
    • Modified: Nov. 16, 2024
  • 4.8

    MEDIUM
    CVE-2024-45099

    IBM Security ReaQta 3.12 is vulnerable to cross-site scripting. This vulnerability allows a privileged user to embed arbitrary JavaScript code in the Web UI thus altering the intended functionality potentially leading to credentials disclosure within a tr...

    Affected Products : linux_kernel security_qradar_edr
    • Published: Nov. 14, 2024
    • Modified: Nov. 16, 2024
  • 6.0

    MEDIUM
    CVE-2024-3447

    A heap-based buffer overflow was found in the SDHCI device emulation of QEMU. The bug is triggered when both `s->data_count` and the size of `s->fifo_buffer` are set to 0x200, leading to an out-of-bound access. A malicious guest could use this flaw to cr...

    Affected Products : qemu hci_compute_node
    • Published: Nov. 14, 2024
    • Modified: Aug. 05, 2025
  • 7.5

    HIGH
    CVE-2023-4458

    A flaw was found within the parsing of extended attributes in the kernel ksmbd module. The issue results from the lack of proper validation of user-supplied data, which can result in a read past the end of an allocated buffer. An attacker can leverage thi...

    Affected Products : linux_kernel
    • Published: Nov. 14, 2024
    • Modified: Aug. 19, 2025
  • 7.4

    HIGH
    CVE-2022-31671

    Harbor fails to validate user permissions when reading and updating job execution logs through the P2P preheat execution logs. By sending a request that attempts to read/update P2P preheat execution logs and specifying different job IDs, malicious authent...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31670

    Harbor fails to validate the user permissions when updating tag retention policies. By sending a request to update a tag retention policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attacker cou...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31669

    Harbor fails to validate the user permissions when updating tag immutability policies. By sending a request to update a tag immutability policy with an id that belongs to a project that the currently authenticated user doesn’t have access to, the attack...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 7.7

    HIGH
    CVE-2022-31668

    Harbor fails to validate the user permissions when updating p2p preheat policies. By sending a request to update a p2p preheat policy with an id that belongs to a project that the currently authenticated user doesn't have access to, the attacker could mod...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
  • 6.4

    MEDIUM
    CVE-2022-31667

    Harbor fails to validate the user permissions when updating a robot account that belongs to a project that the authenticated user doesn’t have access to. By sending a request that attempts to update a robot account, and specifying a robot account id and...

    Affected Products : harbor
    • Published: Nov. 14, 2024
    • Modified: Nov. 19, 2024
Showing 20 of 291647 Results